Security Breach

Webinar: Complying with Canada’s Upcoming Breach Notification Requirements (August 29)
I will participate, with Eduard Goodman, Global Privacy Officer for Cyberscout, at a webinar taking place on Tuesday, August 29, at 11 am PT / 2 pm ET on the management of cybersecurity breaches and notification requirements. The amendments to PIPEDA – through the Digital Privacy Act – will require private-sector organisations doing business in Canada to notify […] Read more
Legal Privilege for Data Security Incident Investigation Reports
My partner Brad Freedman recently published a short article on Legal Privilege for Data Security Incident Investigation Reports. Data security incident response activities usually involve the creation of sensitive communications and documents that might be subject to legal disclosure obligations unless they are protected by legal privilege. An organization’s ability to assert legal privilege over a communication […] Read more

Cybersécurité:Ce que tout dirigeant doit savoir en matière de gouvernance et gestion de risques
March 22, 2017
Palais des congrès de Montréal
Je participerai à l’événement annuel Hop! Le Sommet du commerce de détail se déroulant au Palais des congrès de Montréal les 21 et 22 mars prochain. Je présenterai le 22 mars sur les enjeux en matière de Cybersécurité et protection des renseignements personnels. La plupart des commerces de détail, peu importe leur taille, leur réputation ou les […] Read more

Superior Court of Quebec Authorizes Privacy Class Action in Zuckerman v. Target Corporation
Privacy class actions triggered by data breaches are growing in popularity in Canada, with more than 30 of them pending throughout the country. While none of these cases have yet been heard on their merits, some are being certified or authorized. The Superior Court of Quebec recently rendered judgment on a motion to authorize a […] Read more

With no global standard for data privacy, laws outside U.S. differ in scope
I was recently interviewed by CyberScout just after I appeared on a privacy panel at CyberScout’s Privacy XChange Forum entitled “Where In the World: A Quick and Easy Breakdown of Privacy Standards and Regulations”. In the interview, I summarize the breach notification regulations in Canada and discuss what should be included in a cybersecurity plan. I also discuss […] Read more

Ashley Madison Security Breach: Lessons Learned and Valuable Recommendations for all Businesses
On August 22, 2016, the Office of the Privacy Commissioner of Canada (OPC) released an important joint investigation report regarding the Ashley Madison data breach, which exposed the personal information of some 32 million users of the online dating website marketed to people who are married or in committed relationships. As part of its investigation, […] Read more
Privacy class actions pose threat
Kim Arnott from the Lawyers Weekly published an interested story entitled “Privacy class actions pose threat – Data breach could spur lawsuit“ (at p. 14) in the latest issue of Forensic Accounting & Fraud, (distributed with The Lawyers Weekly and The Bottom Line). I was interviewed for this article, and I discuss how the growing risk […] Read more

Forty hours on privacy
I will be teaching, for a fourth consecutive year, DRT-6929E-A, a privacy law course at the University of Montreal Law Faculty. The class is offered to Masters degree students and takes place every Monday from 4 to 7pm, January 11 to April 11, 2016. I have been teaching since 2009 (e-commerce law from 2009 – […] Read more
Privacy class action update: Appeal dismissed in the IIROC security breach action
After the Investment Industry Regulatory Organization of Canada (IIROC or in French OCRCVM) who monitors all trading activity across the country suffered a security breach in April 2013 (an employee lost a USB drive containing the personal information of individuals with accounts at various brokerage firms), a class action was filed against IIROC, claiming 1,000$ for each […] Read more
Guidance on how to protect personal information using adequate safeguards
My colleague Bradley Freedman published yesterday short piece entitled “Regulatory Guidance for Safeguarding Personal Information” in which he reviews the Office of the Privacy Commissioner of Canada (OPC) recently issued “Interpretation Bulletin – Safeguards” which provides non-binding guidance for compliance with statutory obligations to safeguard personal information. The Interpretation Bulletin is timely in light of […] Read more